# LDAP Login Actions

LDAP Authentication integration provides the ability to authenticate users directly against an LDAP service such as OpenLDAP or Active Directory. The LDAP Login action connects the Username and Password credentials from the form to the LDAP directory.

<figure><img src="https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FrQ0jyGH5ZhX0kud6Fa2q%2Fldap.jpg?alt=media&#x26;token=4759c752-5c93-4ec6-8fad-bc745391d580" alt=""><figcaption></figcaption></figure>

## Settings

**Username Field:** The Username field from the form mapped to the username field from the LDAP directory

**Password Field:** The Password field from the form mapped to the password field from the LDAP directory

**Passthrough:** If checked, any failure other than a failure to bind the user account is ignored, and the login information is passed to the next form action. This allows using both LDAP and the Form.io Login action on the same form.

**LDAP Property:** Group name within the LDAP directory

**Value:** Given Role from the LDAP Directory

**Role:** Form.io role the Property group and Value will map to.

## Walkthrough

{% hint style="info" %}
LDAP Integration must first be configured within your Project settings before the workflow can function.

[**Click Here for more information on integration setup.**](https://help.form.io/developers/auth/ldap)
{% endhint %}

### Build an LDAP Login Form

Create a new form that will be used to Login to LDAP:

1. Click on **New Form**, and then add a User Name **text field** and a **Password** field named Password:

![](https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FazRSNRzBPsYViBOWSfuZ%2Fldap2.png?alt=media\&token=dbd1f100-ff0f-4789-9ed4-9b4447a4ab15)

2. Click the **Create Form** button to create the new form.

Next, ensure that Anonymous users are able to submit this form.

3. Click on the **Access** settings and add the Anonymous role to the Create Own Submissions permission.

![](https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FOp0ZflDjsJe2uMPgXHyt%2Fldap3.png?alt=media\&token=22f1f820-82c0-45ed-9345-21dde5dec4b4)

### Add the LDAP Login Action

1. Navigate to the **Actions** section of the form.
2. Remove the Save Submission Action by clicking the red trash can icon.
3. Select **LDAP Login (Premium)**, then click the **Add an action** button.

![](https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FBJfi2jELmYnNpPLnq2q2%2Fldap4.png?alt=media\&token=0f9b75f3-74eb-4da5-a6f7-a31dec6cb1f1)

### Configure the LDAP Login Action

1. Within the LDAP Login Action, configure the following parameters:

   1. **Username field -** Map to the Form's User Name component.
   2. **Password Field -** Map to the Form's Password component.
   3. **LDAP Property -** Leave blank
   4. **Value** - Leave blank
   5. **Role** - Select **Authenticated**

   This will assign the Authenticated role to all LDAP users who authenticate through the form.

![](https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FxP7QDIltgEPtrWIic2aA%2Fldap5.png?alt=media\&token=e21f9085-d79b-4e39-8954-bcfd6a097410)

{% hint style="info" %}
When using Passthrough authentication, any failure other than a failure to bind the user account is ignored, and the login information is passed to the next form action. This allows using both LDAP and the Form.io Login action on the same form.
{% endhint %}

### Assign Roles

To assign additional roles to the users upon authentication, map any LDAP properties to user roles:

1. Fill in the **property** with the corresponding property that maps to the desired role.
2. Fill in the corresponding **value**.
3. Select the **Role** that will be assigned to any users who match the criteria.\
   For example:

   * **LDAP Property**: *group*
   * **Value**: *Admins*
   * **Role**: *Admin*

   This would assign the Admin Form.io role to any members of the LDAP Admins group.

{% hint style="info" %}
Leaving **LDAP Property** and **Value** blank will assign the role to all LDAP accounts that authenticate.
{% endhint %}

The user’s DN is also mapped to the list of properties. For example, if the DN is `dn=myname,ou=admins,dc=example,dc=org` you can do:

* **LDAP Property**: *ou*
* **Value**: *admins*
* **Role**: *Admin*

4. **Save** the changes before proceeding.
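
The mapping rules above can be modeled in a few lines to review which roles a set of mappings would grant before saving them. This is an added example, not Form.io's code and not part of the original page; the function names, the shape of the `entry` object, and exact case-sensitive matching are assumptions.

```javascript
// Illustrative model of the Property / Value / Role rules; NOT Form.io's implementation.
// Splits a DN into lower-cased attribute -> [values]. Assumes no escaped commas.
function dnProperties(dn) {
  const props = {};
  for (const rdn of dn.split(',')) {
    const idx = rdn.indexOf('=');
    if (idx < 1) continue;
    const key = rdn.slice(0, idx).trim().toLowerCase();
    (props[key] = props[key] || []).push(rdn.slice(idx + 1).trim());
  }
  return props;
}

// entry: attributes of the bound user (constructed shape, an assumption).
// mappings: rows of {property, value, role} as entered in the action settings.
function resolveRoles(entry, mappings) {
  const props = dnProperties(entry.dn || '');
  for (const [key, val] of Object.entries(entry)) {
    if (key === 'dn') continue;
    const k = key.toLowerCase();
    props[k] = (props[k] || []).concat(val); // accepts single or multi-valued
  }
  const roles = new Set();
  for (const { property, value, role } of mappings) {
    if (!property && !value) { // blank row: every LDAP user who authenticates
      roles.add(role);
      continue;
    }
    const values = props[(property || '').toLowerCase()] || [];
    if (values.includes(value)) roles.add(role); // assumed exact match
  }
  return [...roles].sort();
}

// Constructed sample data using the mappings described on this page.
const mappings = [
  { property: '', value: '', role: 'Authenticated' },
  { property: 'group', value: 'Admins', role: 'Admin' },
  { property: 'ou', value: 'admins', role: 'Admin' },
];
const alice = { dn: 'dn=myname,ou=admins,dc=example,dc=org', group: ['Staff'] };
const bob = { dn: 'dn=bob,ou=people,dc=example,dc=org', group: 'Staff' };
const carol = { dn: 'dn=carol,ou=people,dc=example,dc=org', group: ['Staff', 'Admins'] };

for (const user of [alice, bob, carol]) {
  console.log(user.dn, '->', resolveRoles(user, mappings).join(', '));
}
```

In this model `alice` receives Admin solely because her DN sits under `ou=admins`, so a DN-based mapping grants the role to every account placed in that organizational unit, whatever its group membership.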

## Testing LDAP Login

To test the LDAP login, perform the following API request within **Postman**:

![](https://501951130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6LdEf8SjBIeQDsRL3BdV%2Fuploads%2FQ2nnEnq8sJAfo9kpEPXf%2FPostman%202021-07-30%2011-08-49.png?alt=media\&token=575e6b18-374c-49a3-967b-561447d933b8)

Here you will see that the **Authenticated** role has been assigned to the user object.
